Re: Basic ACL question

From: Tim Fletcher (groupstudy@fletchmail.net)
Date: Thu Aug 19 2004 - 16:30:47 GMT-3


Sam,

The answer is, it depends. Are you trying to block www connections in one direction or both? If only one direction, then you only need to block the requests in that direction, which can be done in several ways. If both, it depends on how you are applying the acl. Here's a couple of examples:

#1
access-list 102 deny tcp any any eq www
interface <external>
 ip access-group 102 in
interface <internal>
 ip access-group 102 in

#2
access-list 102 deny tcp any any eq www
interface <either>
 ip access-group 102 in
 ip access-group 102 out

#3
access-list 102 deny tcp any any eq www
access-list 102 deny tcp any eq www any
interface <either>
 ip access-group 102 <either in or out>

-Tim Fletcher

At 04:16 AM 8/18/2004, samccie2004@yahoo.co.uk wrote:
>Hi Group
>
>When asked to deny WWW traffic
>
>Would it be correct to have solution 1, to ensure both http requests and
>replies are blocked.
>Or solution 2, assuming that if no requests are made in first place, no
>replies will follow, therefore no need to block them.
>
>
>Solution 1
>access-list 102 deny tcp any any eq www
>access-list 102 deny tcp any eq www any
>
>Solution 2
>access-list 102 deny tcp any any eq www
>
>TIA
>
>Sam



This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:46 GMT-3
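
The following is an added example, not part of either post and not IOS code: a small Python model of first-match ACL evaluation on a router with one internal and one external interface, used to check which HTTP sessions each arrangement from the thread stops. The trailing permit entry, the client port 40000 and all function names are assumptions made for the model; the posts show only the deny lines, and without a permit the implicit deny at the end of the list would drop all other traffic as well.

```python
# Constructed model of a two-interface router; it is not IOS and not from the posts.
WWW = 80

# ACL entries are (action, src_port, dst_port); None matches any port.
# The final permit is an assumption: the posts list only the deny lines.
REQ_ONLY = [("deny", None, WWW), ("permit", None, None)]
REQ_AND_REPLY = [("deny", None, WWW), ("deny", WWW, None), ("permit", None, None)]

def acl_permits(acl, sport, dport):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, s, d in acl:
        if s in (None, sport) and d in (None, dport):
            return action == "permit"
    return False

def forwarded(bindings, ingress, egress, sport, dport):
    """bindings maps (interface, direction) to an ACL; unbound means unfiltered."""
    for key in ((ingress, "in"), (egress, "out")):
        acl = bindings.get(key)
        if acl is not None and not acl_permits(acl, sport, dport):
            return False
    return True

def web_sessions(bindings):
    """For each client side, can a request and its reply both cross the router?"""
    result = {}
    for client, server in (("internal", "external"), ("external", "internal")):
        request = forwarded(bindings, client, server, 40000, WWW)
        reply = forwarded(bindings, server, client, WWW, 40000)
        result[client] = request and reply
    return result

SCENARIOS = {
    # Sam's solution 2 applied inbound on a single interface
    "requests only, internal in": {("internal", "in"): REQ_ONLY},
    # Tim's #1: same list inbound on both interfaces
    "#1": {("external", "in"): REQ_ONLY, ("internal", "in"): REQ_ONLY},
    # Tim's #2: same list in and out on one interface
    "#2": {("internal", "in"): REQ_ONLY, ("internal", "out"): REQ_ONLY},
    # Tim's #3: request and reply lines, one interface, one direction
    "#3": {("external", "in"): REQ_AND_REPLY},
}

if __name__ == "__main__":
    for name, bindings in SCENARIOS.items():
        print(name, web_sessions(bindings))
```

In the model's #3 case the internal client's request still crosses the router and only the reply is dropped on the way back, so the server sees the connection attempt even though the session never completes.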